Offering a Helping Hand to AgenciesCISO Tom Smith Evangelizes Risk Management to Non-IT Leaders
Howard Schmidt, the information security expert who President Obama tapped Tuesday as his cybersecurity coordinator Tuesday and served as a senior cybersecurity adviser in the Bush administration, is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives.
"Howard is going to surprise a lot of people in Washington," Alan Paller, director of research at the SANS Institute and like Schmidt one of the nation's leading information security authorities, said in an e-mail message to GovInfoSecurity.com. "He had extraordinary successes as CISO (chief information security officer) at Microsoft - at a time when security wasn't very high on most of the Microsoft officers' priority lists. He has demonstrated that he can forge sufficient support to overcome resistance and get things done."
Schmidt, in a video posted on the White House website, said the president had directed him to focus on several priority areas:
- Develop a new comprehensive strategy;
- Secure American networks;
- Ensure an organized, unified response to future cyber incidents;
- Strengthen public-private partnerships here at home and international partnerships with allies and partners; Promote research and development of next generation of technologies; and
- Lead a national campaign to promote cybersecurity awareness and education.
"Because ultimately no one - not government, not the private sector, not individual citizens - can keep us safe and strong alone when it comes to cybersecurity, our vulnerability is shared," Schmidt said. "And, so is our responsibility to ensure that our networks are secure, trustworthy and resilient. So, as I told the president, I'm committed to bring all these stakeholders together around a new, comprehensive cyber strategy that keeps America secure and prosperous."
Dual Reporting Structure
The cybersecurity coordinator will report to the White House National Security Adviser James Jones and National Economic Adviser Lawrence Summers, both strong personalities with sometimes differing agendas.
"Of great value to the position he is entering, he's already been burnt badly by overzealous White House Council of Economic Advisors staff members - when they emasculated the original draft of the National Strategy to Secure Cyber Space - so I expect he wouldn't have taken the job without getting some assurance that Larry Summers will not veto any initiatives that ask industry to ensure the security of the products and services they sell or the security of the power and communications networks."
The post does not require Senate confirmation.
Karen Evans, who worked with Schmidt when she was the Bush administration's de facto federal chief information officer, called the new cybersecurity coordinator an excellent choice because he's a "seasoned veteran of the White House" with extensive knowledge of cybersecurity, critical infrastructure and policymaking. "Howard," Evans said in an e-mail message, "knows how the White House works and he has stayed involved in the federal community."
Evans said Schmidt's early priorities will be to ensure agencies continue in following the recommendations found in the administration's 60-day cybersecurity policy review released last spring. "The biggest area will be assisting DHS (Department of Homeland Security) to build out their capacity to provide the incident response services necessary and ensuring agencies are completing their plans as outlined in the Trusted Internet Connection (TIC) initiative," Evans said. The TIC initiative involves sharply reducing the number of access points between the Internet and government systems.
Obama, in outlining his cybersecurity agenda in a White House speech last May, said that he would name a cybersecurity coordinator to oversee not only information security initiatives in the federal government, but also among state and local governments and the private sector. He said the adviser would have access to him. However, some supporters of a White House cybersecurity adviser had called for a more senior-level adviser with more direct access to the president
Paller said the biggest initial challenges Schmidt faces is being buried by people who seek to influence him and by accepting too many speaking engagements. "The inescapable demands of those two forces has already damaged the effectiveness of others who take on top cyber roles," Paller said.
Presidential Commitment is Foremost
In an interview with GovInfoSecurity.com this summer, Schmidt said regardless of whom the cybersecurity adviser reports to, what's crucial is that the president makes cybersecurity a national priority, something he says Obama has done.
"We have to make sure that the power of the office of the Executive Office of the President is behind it," Schmidt said in the interview. "So whether it is reporting to the national security adviser, national economic adviser or it is someplace else, as long as it has the ability to do what needs to be done to coordinate across the government agencies.
"If you look now what we have seen across the Department of Homeland Security and Energy and Defense and the FBI, we see a new cadre of highly professional people who are working these issues and have a new mandate, a new lease on life if you would, working it. ... These folks are in place doing what they need to do to make the environment more secure, not only for the government systems, which is rightly important, but also in working with their private sector partnerships."
Since Obama announced his intention of naming a cybersecurity coordinator, Schmidt's name has appeared on nearly every list of a prospective IT security adviser. When asked last August if he would be interested in the job, Schmidt responded: "Well, you know, public service, I think is any thing that any American would like to do. I see it pop up once in a while, and it is one of the things that I think is important to recognize. If ever an opportunity comes to serve our country in some fashion, I sit on some government boards now as an adviser, but I think it is important."
Then asked whether he had talked to the White House about this cybersecurity position, he hesitated a moment, then said: "A lot of people's names come up, and I think there is ... obviously they have got a very important decision to make."
In the field of cybersecurity, Schmidt has done it all.
Schmidt spent more than 30 years in public service, including a stint as the White House special adviser on cyberspace security and as chief strategist for the U.S.-CERT (United States Computer Emergency Response Team) Partners Program at the Department of Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House.
In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University.
Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management.